Consumers are becoming increasingly aware of the privacy and security aspects of their digital lives. Vehicle-to-vehicle or vehicle-to-infrastructure communication is yet another form of digital data exchange. How are privacy and security guaranteed?
Although vehicle-to-vehicle and vehicle-to-infrastructure communication -- collectively referred to as V2X -- is perhaps not yet widely known among consumers, car manufacturers are already working on its integration. In a few years' time, the first high-end models containing this technology will be introduced to the market. Initially, the selling point of these cars will be that they can exchange information with each other and with roadside equipment.
Not all details have been worked out yet, but all parties involved agree on the overall direction. The underlying wireless protocol has already been standardized as IEEE 802.11p. However, quite a few regulatory details still have to be defined.
Media attention for this development is growing, and articles on the subject are often concluded with a remark about privacy: yet another way that others can know of your whereabouts. And how about security issues and related malfunctions of the car?
During a meeting of the European spectrum authorities at NXP last December, it became evident that these aspects have been given a great deal of thought. This is hardly surprising, as the automotive supply chain has been working on this development for the last five years.
The chicken or egg dilemma
According to Clara Otero Perez, head of the Concept Exploration Lab at NXP, a few things are important for the security of V2X communication. The first is authentication: Is the sender who they claim to be, or in this case, is the sender trustworthy? The second is integrity, i.e., the certainty that the message has not been tampered with. The third is non-repudiation, a term from cryptography that can perhaps best be explained as "undeniability" -- the sender must not be able to deny sending the message afterwards. Finally, the privacy concern of the car user must be addressed by providing anonymity (identity hiding) to prevent tracking.
The message content itself does not need to be encrypted: the whole point is to let the surroundings know what the car is doing. Confidentiality is therefore not a goal; the message is sent in the clear and only its authenticity and integrity are protected.
The V2X security mechanism to authenticate messages is based on digital signatures, a mechanism very similar to the one used on the Internet. A few important modifications are made to correct shortcomings and make it suitable for automotive standards.
The heart of the system is public-key cryptography, in which every user has two mathematically related keys: a private key that is kept strictly secret, and a public key that may be given to anyone who asks for it. For signatures, the private key is used to produce a signature over the message (in practice over a hash of it), and the corresponding public key is used to verify that signature. Knowing the public key does not allow anyone to forge a signature.
If a signature verifies under a public key, it proves that the message was signed with the matching private key and has not been altered since. That only helps if the public key is known to belong to the sender; from a new sender the public key must first be obtained. And how do you know that the key you obtained really belongs to that sender?
The chicken-or-egg dilemma is solved by distributing the key in a digital certificate. A certificate binds a subject's identity to its public key(s) and optional properties, and it is signed by another party, using that party's own key pair, to vouch for that binding (see text box, next page). If the recipient trusts this third party, it can safely assume that the public key belongs to the intended sender. The third party may itself be unknown to the recipient; in that case its own certificate is checked in turn, following the chain of signatures until a known, trusted signatory is reached.
So who are these trusted parties? On the Internet these are usually the certificate authorities (CAs), organizations that issue certificates, normally for a fee. Web browsers and email clients ship with standard lists of root CAs and their public keys. There are also intermediate CAs that are not on those lists, but each of them can be traced back to a root CA through the chain of certificates.
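The two steps described above, signing and verifying a message and chaining the sender's certificate back to a trusted root, as an added example (not code from the article or from NXP). It uses Go's standard library with Internet-style X.509 certificates as a stand-in for the modified V2X certificate format the article refers to; the CA names, the pseudonym subject name, the choice of P-256 with SHA-256, and the sample message are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Constructed sample: a cleartext position/speed broadcast. Only authenticity
// and integrity are protected, not confidentiality.
var SampleMessage = []byte("pos=51.4416,5.4697 speed=13.9 heading=087 t=1700000000")

// Sign hashes the message and signs the digest with the sender's private key.
func Sign(priv *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	return must(ecdsa.SignASN1(rand.Reader, priv, h[:]))
}

// Verify checks the signature with the matching public key; any change to msg fails.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// issueCert binds cn and the subject's public key into a certificate signed by
// issuerKey. issuer == nil means self-signed (a root). Serials are arbitrary here.
func issueCert(serial int64, cn string, isCA bool, subject *ecdsa.PublicKey,
	issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if issuer == nil {
		issuer = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, subject, issuerKey))
	return must(x509.ParseCertificate(der))
}

// Chain is a hypothetical V2X PKI: root CA -> intermediate CA -> pseudonym cert.
type Chain struct {
	Roots, Intermediates *x509.CertPool
	Leaf                 *x509.Certificate
	LeafKey              *ecdsa.PrivateKey
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

func BuildChain() *Chain {
	rootKey, interKey, leafKey := newKey(), newKey(), newKey()
	root := issueCert(1, "Hypothetical V2X Root CA", true, &rootKey.PublicKey, nil, rootKey)
	inter := issueCert(2, "Hypothetical Pseudonym CA", true, &interKey.PublicKey, root, rootKey)
	// The subject is a pseudonym, not the car or its owner: the anonymity measure the text mentions.
	leaf := issueCert(3, "pseudonym-7f3a", false, &leafKey.PublicKey, inter, interKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	return &Chain{Roots: roots, Intermediates: inters, Leaf: leaf, LeafKey: leafKey}
}

// RogueLeaf is a well-formed certificate issued by a CA that no receiver trusts.
func RogueLeaf() (*x509.Certificate, *ecdsa.PrivateKey) {
	caKey, leafKey := newKey(), newKey()
	ca := issueCert(9, "Unknown CA", true, &caKey.PublicKey, nil, caKey)
	return issueCert(10, "pseudonym-0000", false, &leafKey.PublicKey, ca, caKey), leafKey
}

// Receive performs the receiver's two checks: chain the sender's certificate to
// a trusted root, then verify the message signature with that certificate's key.
func Receive(c *Chain, sender *x509.Certificate, msg, sig []byte) error {
	opts := x509.VerifyOptions{Roots: c.Roots, Intermediates: c.Intermediates,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := sender.Verify(opts); err != nil {
		return fmt.Errorf("certificate does not chain to a trusted root: %w", err)
	}
	pub, ok := sender.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type")
	}
	if !Verify(pub, msg, sig) {
		return errors.New("bad signature: message altered or not signed by this key")
	}
	return nil
}

func main() {
	c := BuildChain()
	sig := Sign(c.LeafKey, SampleMessage)
	fmt.Println("genuine: ", Receive(c, c.Leaf, SampleMessage, sig))
	tampered := append([]byte(nil), SampleMessage...)
	tampered[len(tampered)-1] ^= 1
	fmt.Println("tampered:", Receive(c, c.Leaf, tampered, sig))
	rl, rk := RogueLeaf()
	fmt.Println("rogue CA:", Receive(c, rl, SampleMessage, Sign(rk, SampleMessage)))
}
```

The three cases in main map onto the properties listed earlier: the genuine message passes both checks; flipping one bit of the message breaks integrity and the signature no longer verifies; and a message whose signature is perfectly valid but whose certificate was issued by an unknown CA fails authentication, because the receiver cannot chain it to a root it trusts. Note that a real V2X receiver would also have to check revocation and certificate validity periods, which this example leaves out.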